Patents by Inventor Radia Joy Perlman

Radia Joy Perlman has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11664988
    Abstract: A method for securing a secret of a client using an escrow agent operatively connected to the client includes initiating enrollment of the client with the escrow agent, wherein the enrollment results in the escrow agent generating a key pair comprising a public key and a private key, obtaining the public key from the escrow agent, wherein the private key is not shared with the client, encrypting the secret with the public key to obtain an encrypted secret, and storing the encrypted secret on the client.
    Type: Grant
    Filed: November 30, 2020
    Date of Patent: May 30, 2023
    Assignee: EMC IP HOLDING COMPANY LLC
    Inventors: Seth Jacob Rothschild, Radia Joy Perlman, Alex Robbins
  • Patent number: 11509468
    Abstract: A method for verifying a secret decryption of an escrow agent by a client operatively connected to the escrow agent includes initiating enrollment of the client with the escrow agent, wherein the enrollment results in the escrow agent generating a key pair comprising a public key and a private key, obtaining the public key from the escrow agent, wherein the private key is not shared with the client, encrypting the secret with the public key to obtain an encrypted secret, after encrypting the secret, encrypting, based on a verification trigger, a verification value using the public key to obtain an encrypted verification value, sending the encrypted verification value to the escrow agent, obtaining a secret decryption response from the escrow agent, making a determination, based on the secret decryption response, that the escrow agent is not capable of decrypting the secret, and based on the determination, performing a remediation action.
    Type: Grant
    Filed: January 28, 2021
    Date of Patent: November 22, 2022
    Assignee: EMC IP HOLDING COMPANY LLC
    Inventors: Seth Jacob Rothschild, Radia Joy Perlman, Alex Robbins
  • Publication number: 20220239504
    Abstract: A method for verifying a secret decryption of an escrow agent by a client operatively connected to the escrow agent includes initiating enrollment of the client with the escrow agent, wherein the enrollment results in the escrow agent generating a key pair comprising a public key and a private key, obtaining the public key from the escrow agent, wherein the private key is not shared with the client, encrypting the secret with the public key to obtain an encrypted secret, after encrypting the secret, encrypting, based on a verification trigger, a verification value using the public key to obtain an encrypted verification value, sending the encrypted verification value to the escrow agent, obtaining a secret decryption response from the escrow agent, making a determination, based on the secret decryption response, that the escrow agent is not capable of decrypting the secret, and based on the determination, performing a remediation action.
    Type: Application
    Filed: January 28, 2021
    Publication date: July 28, 2022
    Inventors: Seth Jacob Rothschild, Radia Joy Perlman, Alex Robbins
  • Publication number: 20220173903
    Abstract: A method for securing a secret of a client using an escrow agent operatively connected to the client includes initiating enrollment of the client with the escrow agent, wherein the enrollment results in the escrow agent generating a key pair comprising a public key and a private key, obtaining the public key from the escrow agent, wherein the private key is not shared with the client, encrypting the secret with the public key to obtain an encrypted secret, and storing the encrypted secret on the client.
    Type: Application
    Filed: November 30, 2020
    Publication date: June 2, 2022
    Inventors: Seth Jacob Rothschild, Radia Joy Perlman, Alex Robbins
  • Patent number: 11290276
    Abstract: A method for managing documents includes obtaining, from a first computing device, a first signed document, and in response to obtaining the first signed document: identifying a first plurality of validity services associated with the signed document, sending a verification request to the first plurality of validity services, wherein each of the plurality of verification requests specifies the first signed document, obtaining a plurality of verification responses from the first plurality of validity services, and making a determination, based on the plurality of verification responses, that the first signed document is valid.
    Type: Grant
    Filed: August 2, 2019
    Date of Patent: March 29, 2022
    Assignee: EMC IP Holding Company LLC
    Inventors: Radia Joy Perlman, Charles William Kaufman
  • Patent number: 11240005
    Abstract: In general, embodiments of the invention relate to a method for managing data, the method includes obtaining, by an untrusted device and from a querying system, an item query, identifying a leaf block of a hierarchical block tree associated with the item query, identifying a plurality of indirect blocks that allow the querying system to calculate a top hash of the hierarchical block tree, and sending an item query response to the querying system, wherein the item query response specifies the leaf block, the plurality of indirect hashes corresponding to the plurality of indirect blocks, and a signature of the top hash, wherein the signature is obtained from a trusted system.
    Type: Grant
    Filed: October 28, 2019
    Date of Patent: February 1, 2022
    Assignee: EMC IP Holding Company LLC
    Inventors: Radia Joy Perlman, Charles William Kaufman
  • Publication number: 20210126773
    Abstract: In general, embodiments of the invention relate to a method for managing data, the method includes obtaining, by an untrusted device and from a querying system, an item query, identifying a leaf block of a hierarchical block tree associated with the item query, identifying a plurality of indirect blocks that allow the querying system to calculate a top hash of the hierarchical block tree, and sending an item query response to the querying system, wherein the item query response specifies the leaf block, the plurality of indirect hashes corresponding to the plurality of indirect blocks, and a signature of the top hash, wherein the signature is obtained from a trusted system.
    Type: Application
    Filed: October 28, 2019
    Publication date: April 29, 2021
    Inventors: Radia Joy Perlman, Charles William Kaufman
  • Publication number: 20210036853
    Abstract: A method for managing documents includes obtaining, from a first computing device, a first signed document, and in response to obtaining the first signed document: identifying a first plurality of validity services associated with the signed document, sending a verification request to the first plurality of validity services, wherein each of the plurality of verification requests specifies the first signed document, obtaining a plurality of verification responses from the first plurality of validity services, and making a determination, based on the plurality of verification responses, that the first signed document is valid.
    Type: Application
    Filed: August 2, 2019
    Publication date: February 4, 2021
    Inventors: Radia Joy Perlman, Charles William Kaufman
  • Patent number: 9189642
    Abstract: Methods and apparatus for safe processing of on-demand delete requests are disclosed. An item is stored in a storage entity that is associated with a trusted secure device. A delete request to delete the item is received at the trusted secure device. However, the trusted secure device does not yet delete the item from the storage entity. The trusted secure device creates an audit log of the delete request. The audit log specifies the item to be deleted and includes information about the delete request. The audit log is made available to an approval source. The approval source must grant approval in the form of an approval response in order for the item to be deleted. If the trusted secure device receives an approval response from the approval source, the item is deleted.
    Type: Grant
    Filed: March 14, 2007
    Date of Patent: November 17, 2015
    Assignee: Oracle America, Inc.
    Inventor: Radia Joy Perlman
  • Publication number: 20080228827
    Abstract: Methods and apparatus for safe processing of on-demand delete requests are disclosed. An item is stored in a storage entity that is associated with a trusted secure device. A delete request to delete the item is received at the trusted secure device. However, the trusted secure device does not yet delete the item from the storage entity. The trusted secure device creates an audit log of the delete request. The audit log specifies the item to be deleted and includes information about the delete request. The audit log is made available to an approval source. The approval source must grant approval in the form of an approval response in order for the item to be deleted. If the trusted secure device receives an approval response from the approval source, the item is deleted.
    Type: Application
    Filed: March 14, 2007
    Publication date: September 18, 2008
    Inventor: Radia Joy Perlman
  • Patent number: 7058798
    Abstract: The basic concept is that before a resource is accessed, the entity that has the burden of gathering the credentials, pro-actively refreshes the credentials and keeps them current. In one instance, a presenter of credentials, for example, a client, pro-actively refreshes the credentials such that at the time of presentation, the credentials meet the resource-specific constraints of a recipient of credentials, for example, a resource server. For each resource that it protects, a resource server typically establishes various constraints such as a recency requirement, which specifies how recently a credential has to have been issued to be accepted as an adequate credential. Other constraints may include maximum certificate chain length, trust level and so forth. In another instance, a recipient of credentials pro-actively gathers and refreshes credentials to prevent un-authorized access to the various resources it is protecting.
    Type: Grant
    Filed: April 11, 2000
    Date of Patent: June 6, 2006
    Assignee: Sun Microsystems, Inc.
    Inventors: Yassir K. Elley, Anne H. Anderson, Stephen R. Hanna, Sean J. Mullan, Radia Joy Perlman
  • Patent number: 6658565
    Abstract: A system efficiently distributes processing-intensive loads among a plurality of intermediate stations in a computer internetwork. The intermediate stations include routers, bridges, switches and/or firewalls configured with monitoring and filtering agents that communicate via a defined protocol to implement the system. Those stations configured with agents and having available resources cooperate to execute the loads which generally comprise verification operations on digital signatures appended to frame and/or packet traffic traversing paths of the computer internetwork. Techniques associated with the system are directed to efficiently detecting and filtering unauthorized traffic over portions of the internetwork protected as trust domains as well as unprotected portions of the internetwork.
    Type: Grant
    Filed: June 1, 1998
    Date of Patent: December 2, 2003
    Assignee: Sun Microsystems, Inc.
    Inventors: Amit Gupta, Radia Joy Perlman, Dah-Ming Chiu
  • Patent number: 6567410
    Abstract: A bridge for simultaneous connection to n LANs, where n is greater than 2, and methods for determining whether the bridge has been connected properly. The bridge includes storage for respectively associating the (n² − n)/2 unique pairs of LANs connected by the bridge with (n² − n)/2 parallel bridge numbers. Messages received from a first LAN are forwarded to a second LAN only if the message identifies the second LAN and the parallel bridge number which is associated in the storage with the first and second LANs. To determine whether two or more ports of the bridge are connected to the same LAN, the bridge attempts to transmit messages from each of its ports to each other respective port by addressing the messages to the data link addresses of the other ports. After transmission, the bridge waits a short time interval and determines whether any of the messages are received at any of its ports.
    Type: Grant
    Filed: November 30, 1998
    Date of Patent: May 20, 2003
    Assignee: Enterasys Networks, Inc.
    Inventor: Radia Joy Perlman
  • Patent number: 6445710
    Abstract: A technique for logically connecting local communications networks (CNs) that may be separated by wide area networks containing routers and other network components. A logical link is formed between two devices called tunnelers, such that, once a tunnel has been established between two CNs, other devices on the CNs can communicate. The tunneling mechanism of the invention requires that each CN have only one active tunneler at any particular time, referred to as the designated tunneler, and each of the tunnelers is configured to have knowledge of the identities of the other tunnelers. A tunnel is established after a successful exchange of messages between two tunnelers, and then traffic may be forwarded through the tunnel in a transparent manner. The tunneling mechanism permits messages to be forwarded between CNs separated by a wide area network containing routers.
    Type: Grant
    Filed: February 9, 1999
    Date of Patent: September 3, 2002
    Assignee: Enterasys Networks, Inc.
    Inventors: Radia Joy Perlman, William R. Hawe, John Harper
  • Patent number: 6230266
    Abstract: An authentication method and process are provided. One aspect of the process of the present invention includes authorizing a first on-line revocation server (OLRS) to provide information concerning certificates issued by a certificate authority (CA) that have been revoked. If the first OLRS is compromised, a second OLRS is authorized to provide certificate revocation information, but certificates issued by the CA remain valid unless indicated by the second OLRS to be revoked.
    Type: Grant
    Filed: February 3, 1999
    Date of Patent: May 8, 2001
    Assignee: Sun Microsystems, Inc.
    Inventors: Radia Joy Perlman, Stephen R. Hanna
  • Patent number: 5870386
    Abstract: A technique for logically connecting local area networks (LANs) that may be separated by wide area networks containing routers and other network components. A logical link is formed between two bridge-like devices called tunnelers, such that, once a tunnel has been established between two LANs, other devices on the LANs can communicate as if the tunnel were a bridge. The tunneling mechanism of the invention requires that each LAN or extended LAN have only one active tunneler at any particular time, referred to as the designated tunneler, and each of the tunnelers is configured to have knowledge of the identities of the other tunnelers. A tunnel is established after a successful exchange of messages between two tunnelers, and then traffic may be forwarded through the tunnel in a transparent manner. The tunneling mechanism permits messages to be forwarded between LANs separated by a wide area network containing routers.
    Type: Grant
    Filed: December 30, 1991
    Date of Patent: February 9, 1999
    Assignee: Digital Equipment Corporation
    Inventors: Radia Joy Perlman, William R. Hawe, John A. Harper
  • Patent number: 5844902
    Abstract: A bridge for simultaneous connection to n LANs, where n is greater than 2, and methods for determining whether the bridge has been connected properly. The bridge includes storage for respectively associating the (n² − n)/2 unique pairs of LANs connected by the bridge with (n² − n)/2 parallel bridge numbers. Messages received from a first LAN are forwarded to a second LAN only if the message identifies the second LAN and the parallel bridge number which is associated in the storage with the first and second LANs. To determine whether two or more ports of the bridge are connected to the same LAN, the bridge attempts to transmit messages from each of its ports to each other respective port by addressing the messages to the data link addresses of the other ports. After transmission, the bridge waits a short time interval and determines whether any of the messages are received at any of its ports.
    Type: Grant
    Filed: August 8, 1996
    Date of Patent: December 1, 1998
    Assignee: Cabletron Systems, Inc.
    Inventor: Radia Joy Perlman
  • Patent number: 5796740
    Abstract: An apparatus for forwarding a data packet from a first link to a second link is disclosed. The apparatus is coupled with a plurality of computer networks through ports on the apparatus. The apparatus maintains a spanning tree list indicating which of the apparatus ports are active. The apparatus receives a packet, and determines if the packet was received from a port that is active. If the packet was received from a port that is not active, the packet is discarded. If the packet is not discarded, the data link source address of the packet is stored in a database within the apparatus for the computer network coupled with the port from which the packet was received. The apparatus then decides, responsive to the contents of a data link destination address field in the packet, whether to forward the packet as a bridge or to forward the packet as a router.
    Type: Grant
    Filed: May 28, 1997
    Date of Patent: August 18, 1998
    Assignee: Cabletron Systems, Inc.
    Inventors: Radia Joy Perlman, Alan J. Kirby, Floyd J. Backes, Charles W. Kaufman